Re: Bridge IDS

[Olli Jarva <joku () ranssi paivola net>]

Snort with bridge:

I tried Snort with (Linux) bridge. Simply put to interface name to bridge 
name (e.g. br0). There was some problems if bridge interface do not have
IP, with valid IP everything works fine.

On Thu, 5 Aug 2004, Lee Sheng wrote:

> All,
>
>
> Perhaps this is silly question, however I wanna know that if bridge firewall 
> can be done, how about building a bridge IDS. I know there is 
> snort-inline(consoder IPS) that we can use but what I mean is just snort 
> without patching. Using three network interface, two for building a bridge 
> and one for console. Can it be done? Tap is far too expensive for individual 
> like me :)
>
> Any suggestion would be appreaciated! Thanks.
>
>
> Regards,
> Lee
>
> _________________________________________________________________
> Using a handphone prepaid card? Reload your credit online! 
> http://www.msn.com.my/reloadredir/default.asp
>
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from CORE
> IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
> learn more.
> --------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------